Topic: Security

A newly-discovered flaw in some implementations of cryptographic protocols SSL and TLS -- including those used by Apple's Safari and Google's Android AOSP browsers -- could allow an attacker to force clients to use older, weaker encryption that would make it significantly easier to intercept secure communications.

Privacy advocates have long tried to educate consumers on the perils of giving apps access to GPS data, but a group of Stanford researchers has developed a method to infer a device's location from a seemingly much more innocuous source -- battery charge information.

Chinese PC maker Lenovo has found itself in the middle of a public relations disaster, following revelations that it sold a number of notebook computers with pre-installed software that hijacks users' browser sessions to inject customized advertisements and seriously degrades the security of encrypted connections.

Apple is among more than a half-dozen major U.S. corporations that have agreed to integrate the White House's Cybersecurity Framework into their operations, but the iPhone maker will not share security information with the federal government.

Speaking at the White House Summit on Cybersecurity and Consumer Protection on Friday, Apple Chief Executive Tim Cook revealed that the U.S. government plans to begin accepting Apple Pay for a number of transactions, starting with admission to U.S. national parks.

Apple continues to expand the range of offerings covered by its two-step verification scheme, with security-conscious users now able to count iMessage and FaceTime among those features protected by the service.

Once a hot item for thieves and pickpockets, Apple's iPhone is becoming a significantly less attractive target as the company's Activation Lock prevents the devices from being easily wiped and re-sold, a new report indicates.

Apple's chief executive will reportedly be among those speaking to participants at Friday's White House Summit on Cybersecurity and Consumer Protection, an event designed to bring together representatives from all sides of the cybersecurity and privacy debate.

A malware campaign known in the security industry as "Operation Pawn Storm" has begun to target Apple's iOS devices with a new malicious application that can steal photos, text messages, contacts, and other data from non-jailbroken iPhones, but which cannot be installed without users' consent.

An internal software security research team at Google has publicly revealed three recently-discovered zero-day exploits in Apple's Mac OS X desktop operating system, though the severity of each vulnerability is unknown.

China's State Internet Information Office will reportedly be allowed to conduct network security inspections of Apple products offered for sale in China as the company seeks to assuage fears that its devices can be used for intelligence gathering purposes by foreign governments.

Infamous former National Security Agency contractor Edward Snowden, responsible for leaking thousands of pages of classified intelligence documents from the secretive spy organization, reportedly believes that the iPhone contains "special software" that can be remotely activated by authorities for intelligence gathering purposes.

Mac owners who regularly make use of OS X's built-in Mail application and Spotlight search should take care when searching through e-mail messages, as Spotlight's preview functionality has been shown to ignore Mail's remote content settings and could inadvertently transmit unintended data to email senders.

At next week's Chaos Communication Congress in Germany, a researcher will demonstrate a method in which a malicious actor could use a specially-crafted Thunderbolt device to inject a bootkit -- which could survive nearly any attempt to remove it -- into the EFI boot ROM of any Mac with a Thunderbolt port.

A vast and sophisticated new espionage campaign targeting "military, diplomats, and business execs," discovered by Blue Coat Labs and confirmed by Kaspersky Labs, exploits flaws in Microsoft Windows and seeks to infect Android, Blackberry and iOS devices, but is limited to only infecting iPhones and iPads that are jailbroken.

The United States Department of Justice has fined the CEO of spyware vendor StealthGenie $500,000 and demanded the firm turn over the source code for software designed to remotely monitor calls, texts and other activity on Android and jailbroken iOS devices.

Coming days after the discovery of an iOS vulnerability called "Masque Attack" was made public, Apple late Thursday issued a statement regarding the potentially malicious software, saying default OS X and iOS security settings are enough to thwart attacks.

Despite headlines fretting about a "new era in OS X and iOS malware," Apple's security systems for iOS and OS X are working as intended to protect users from exposure to the ubiquitous malware affecting open platforms including Android and Windows. Here are the realistic, non-sensationalized facts about how safe Apple's users actually are and how users can remain protected from threats that arise.

A recently-discovered vulnerability in Apple's mobile operating system could allow attackers to trick users into replacing legitimate apps that have access to a variety of personal information -- such as banking apps -- with hacked versions that relay that information to malicious actors.